Title

Author

Date of Award

Spring 1-1-2016

Document Type

Thesis

Degree Name

Master of Science (MS)

First Advisor

David P. Reed

Second Advisor

Scott J. Savage

Third Advisor

Joe E. McManus

Abstract

Streaming video now represents more than half of all Internet bandwidth consumption and consumers are spending more of their time on mobile devices resulting in total video plays moving to mobile platforms. The rapid growth of streaming Internet video and the popularity of video on mobile platforms is leading to additional avenues of advertising. The new data collection vector from mobile ad providers creates new areas of concern for the user’s privacy posture. This thesis investigates if streaming video apps implicate user privacy by sharing potentially sensitive information, how that information is shared, and the role of advertisers. Testing was conducted on 10 popular mobile video apps on both Android and iOS platforms using a Man-in-the-Middle proxy and specialized Wi-Fi access point to capture data flows originating from the apps. The captured data flows were analyzed using a list of keywords representing potentially sensitive information, resulting in a subset of data containing potentially sensitive data leaks. App vendor privacy policies were analyzed and compared to the captured app data leaks. The majority of the app privacy policies were complex, lacked transparency, and 6 apps were misaligned with their associated policy, sharing potentially sensitive information to third parties not conveyed to the user by the policy. Nearly all of the video apps tested in this thesis leaked potentially sensitive information about the user to third parties. The apps connected to 28 different ad networks and half of the apps shared data with these networks. Additionally, half of the apps shared potentially sensitive information with third parties in an insecure manner, creating the need for increased adoption of secure communications. Through interdisciplinary analysis, this thesis provides increased understanding of privacy implications from mobile video apps, and a description of how the advertising-based business model of television is transitioning to the online environment.